Description: Three easy steps to world domination:
Pwn a bunch of SOHO routers.
I can help you with Step 1. In this talk, I'll describe several 0-day vulnerabilities in Netgear wireless routers. I'll show you how to exploit an unexposed buffer overflow using nothing but a SQL injection and your bare hands. Additionally, I'll show how to use the same SQL injection to extract arbitrary files from the file systems of the wifi routers. This presentation guides the audience through the vulnerability discovery and exploitation process, concluding with a live demonstration. In the course of describing several vulnerabilities, I present effective investigation and exploitation techniques of interest to anyone analyzing SOHO routers and other embedded devices.
Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before becoming a slacker, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.
PDF: https://media.defcon.org/dc-20/presentations/Cutlip/DEFCON-20-Cutlip-Rooting-SOHO-Routers.pdf
Paper: https://media.defcon.org/dc-20/presentations/Cutlip/DEFCON-20-Cutlip-Rooting-SOHO-Routers-WP.pdf
Extra: https://media.defcon.org/dc-20/presentations/Cutlip/Extras.zip
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Original Source: http://www.youtube.com/watch?v=Tm44Ge1QMsM